[acm press the 18th acm conference - chicago, illinois, usa (2011.10.17-2011.10.21)] proceedings of...



POSTER: Preliminary Analysis of Google+’s Privacy

Shah Mahmood
Department of Computer Science, University College London, United Kingdom
[email protected]

Yvo Desmedt
Department of Computer Science, University College London, United Kingdom
[email protected]

ABSTRACT

In this paper we provide a preliminary analysis of Google+ privacy. We identified that Google+ shares photo metadata with users who can access the photograph and discuss its potential impact on privacy. We also identified that Google+ encourages the provision of other names including maiden name, which may help criminals performing identity theft. We show that Facebook lists are a superset of Google+ circles, both functionally and logically, even though Google+ provides a better user interface. Finally we compare the use of encryption and depth of privacy control in Google+ versus in Facebook.

Categories and Subject Descriptors

K.4.1 [Computer and Society]: Public Policy Issues - Privacy; K.6.5 [Management of Computing and Information Systems]: Security and Privacy

General Terms

Security

Keywords

Google+, Social Network, Privacy, Facebook

1. INTRODUCTION

Google launched its latest social networking site Google+ on June 28th, 2011. According to comScore, an Internet traffic watcher, Google+ registered 25 million users in its first 5 weeks [16], which motivates a close scrutiny. The current leader of the social networking market and the key rival of Google+, Facebook, has over 750 million registered users [14]. Facebook users share more than 30 billion pieces of content (photos, videos, web links, notes, blog posts etc.) every month.

Google+, like other social networks, is used for sharing private information including status updates, occupation, employment history, home and work addresses, contact numbers, relationship status, photos, videos, etc. As Google+’s market penetration grows, so will the amount of data shared by its users. With the enormous amount of data produced on social networks, privacy is one of the issues widely discussed both in media and academia [3]. Considering the importance of protection of the private information of its users, Google+ has introduced circles as a new concept to address the issue.

Copyright is held by the author/owner(s). CCS’11, October 17–21, 2011, Chicago, Illinois, USA. ACM 978-1-4503-0948-6/11/10.

Use of social networks has resulted in disclosure of embarrassing information, loss of employment, suspension from school, and blackmail [4]. Social networks are also used for social phishing attacks. Phishers harvest email addresses to find the real names and social network profiles of their victims [17]. This harvest is possible because both Google+ and Facebook require their users to use their real names and allow search based on email addresses. Once the real names and social network profiles are found, phishers extract more information including people in the circles (or friend list) of the victim, any comments, events attended etc. This information is then used to craft personalized phishing attacks, called social phishing [13]. Identity theft is costing the US economy $15.6 billion a year [12]. Moreover, social network status updates facilitated robberies on several occasions, where the owner announced absence from their property for a certain duration [15]. Furthermore, the large amount of data is also of interest to advertisers and marketers. According to a survey by Social Media Examiner, over 92% of marketers use social networks as a tool [18].

In view of the above discussion, it is very important and timely to analyze Google+ and identify any privacy related issues. This is the main goal of this paper.

Our contributions:

• We provide a preliminary analysis of privacy in Google+. We identify that Google+ shares the metadata of photos uploaded, which could lead to privacy violations, discussed in Section 2.1. Moreover, Google+ encourages its users to provide their past addresses and other names, e.g. maiden name, which could be used for identity theft. For further details see Section 2.2.

• We compare Google+ circles (its main privacy selling point) to Facebook lists. We show that, although Google+ circles have a better graphical user interface, they are logically and functionally a subset of Facebook lists. Details are provided in Section 2.3.

• We also make other comparisons between Facebook and Google+ including the use of encryption and the ability to disable comments and message sharing. Further details are provided in Section 2.4.

2. GOOGLE+ PRIVACY

In this section we present some privacy related problems and features of Google+. We also make a comparison with Facebook, when applicable.

Figure 1: Metadata from a photo by Larry Page on Google+

2.1 Google+’s photo metadata

When a user uploads a photo on Google+, some metadata including the name of the photo owner, the date and time the photo was taken, the make and model of the camera etc. are made available to those with whom the photo is shared. This set of information, in particular the date and time, may at first look relatively innocent and trivial, but could in reality lead to some serious privacy concerns. On August 10, 2007, in Pennsylvania (USA), a divorce lawyer proved that the client’s spouse was unfaithful to his partner when electronic toll records showed him in New Jersey (USA) on that night and not in a business meeting in Pennsylvania [9]. With the metadata revealed by Google+ a user might leak enough information to be legally held liable on similar accounts.

Similarly, the make of the camera could be another concern for privacy. Higher end cameras cost thousands of dollars. There have been past incidents where the victims were killed for their cameras. In May 2011, a Greek citizen, 44, was killed for his camera when taking his wife to the hospital for child birth [19].

Just to give an example of the level of information a picture exposes about the camera, look at the metadata of the publicly shared pictures (from his Google+ profile) of Google co-founder Larry Page, shown in Figure 1. It reveals that he used a Canon EOS 5D Mark II camera to shoot his vacation photographs. This camera is worth approximately USD 2000. This gives a robber an incentive.
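What a viewer of a shared file can read, and what removing it before upload looks like, as an added example that is not code from the paper: it lists the make, model and timestamp stored in a JPEG's Exif segment and then writes the file back without that segment. It reads only the three ASCII tags in the first Exif directory (the capture time proper sits in a sub-directory of the same segment, so stripping the segment removes it too); the sample file and its timestamp are constructed, and the function names are this example's own.

```python
import struct

TAGS = {0x010F: "Make", 0x0110: "Model", 0x0132: "DateTime"}  # ASCII tags in IFD0

def segments(jpeg):
    """Yield (marker, start, end) for each header segment before the image data."""
    if jpeg[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG")
    pos = 2
    while pos + 4 <= len(jpeg) and jpeg[pos] == 0xFF and jpeg[pos + 1] != 0xDA:
        (length,) = struct.unpack(">H", jpeg[pos + 2:pos + 4])
        yield jpeg[pos + 1], pos, pos + 2 + length
        pos += 2 + length

def is_exif(jpeg, marker, start, end):
    return marker == 0xE1 and jpeg[start + 4:end].startswith(b"Exif\0\0")

def read_exif(jpeg):
    """Return the camera make, model and timestamp a viewer of the file can read."""
    found = {}
    for marker, start, end in segments(jpeg):
        if not is_exif(jpeg, marker, start, end):
            continue
        tiff = jpeg[start + 10:end]              # skip marker, length, "Exif\0\0"
        order = "<" if tiff[:2] == b"II" else ">"
        (ifd,) = struct.unpack(order + "I", tiff[4:8])
        (count,) = struct.unpack(order + "H", tiff[ifd:ifd + 2])
        for i in range(count):
            entry = tiff[ifd + 2 + 12 * i: ifd + 14 + 12 * i]
            tag, kind, size, offset = struct.unpack(order + "HHII", entry)
            if tag in TAGS and kind == 2 and size > 4:   # ASCII stored by offset
                text = tiff[offset:offset + size].rstrip(b"\0")
                found[TAGS[tag]] = text.decode("ascii", "replace")
    return found

def strip_exif(jpeg):
    """Copy the file without its Exif APP1 segment(s); everything else is kept."""
    out, pos = bytearray(jpeg[:2]), 2
    for marker, start, end in segments(jpeg):
        if not is_exif(jpeg, marker, start, end):
            out += jpeg[start:end]
        pos = end
    return bytes(out + jpeg[pos:])

def sample_jpeg():
    """Constructed file: SOI, Exif APP1, a comment segment, EOI (no pixel data)."""
    fields = [(0x010F, b"Canon\0"), (0x0110, b"Canon EOS 5D Mark II\0"),
              (0x0132, b"2011:07:01 10:15:00\0")]       # timestamp is made up
    data_at = 8 + 2 + 12 * len(fields) + 4
    entries, blob = b"", b""
    for tag, value in fields:
        entries += struct.pack("<HHII", tag, 2, len(value), data_at + len(blob))
        blob += value
    tiff = b"II*\0" + struct.pack("<IH", 8, len(fields)) + entries + bytes(4) + blob
    app1 = b"Exif\0\0" + tiff
    return (b"\xff\xd8\xff\xe1" + struct.pack(">H", len(app1) + 2) + app1
            + b"\xff\xfe\x00\x04ok\xff\xd9")

if __name__ == "__main__":
    print(read_exif(sample_jpeg()), read_exif(strip_exif(sample_jpeg())))
```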

2.2 Cities lived in and other names on profile

In the “About” section of personal information, Google+ encourages its users to provide the names of cities they have lived in and other names. In the text box for other names, they write “For example: maiden name, alternative spelling”.

Figure 2: Google+ Circles

Figure 3: Share content with list “All” but hide from list “CoWorkers” on Facebook

Messages, photos and comments on social networks and other online sources can be used to infer family relationships. So, if someone can link a profile to the profile of the mother and if the mother provides the maiden name, then this could be used for identity theft, as mother’s maiden name is one of the most widely used secret questions [5]. Moreover, the past addresses can only help the attacker with such attacks.

2.3 Google+ circles vs Facebook lists

Paul Adams, then a Google employee, introduced the concept of social circles [2]. These social circles act as the foundation of circles in Google+. In Google+, by default there are four circles: “friends”, “family”, “acquaintances” and “following”. We can remove/rename any of the default circles or add new circles. A user can add any of her contacts to one or more circles just by a simple drag and drop. Figure 2 shows the graphical interface of Google+ circles. The intersection of two or more circles can be a non-empty set.

A user can share the content of her choice with a specific set of her circles, all her circles, her extended circles (people in all her circles and all people in the circles of the people in her circles) and with the public (everyone). Google+ does not allow any exceptions, i.e., if some content is shared with a larger circle, there is no way to exclude any subset of that circle. Anything shared with the public is shared with all circles including the family and friends circle, which might not be what the user may require.

Facebook, on the other hand, calls all the user’s connections “friends”. Friends could be divided into groups called “lists”. There is no default list, so any structure has to be created from scratch. Content on Facebook can be shared with one or more lists, exactly like Google+ circles. But there is one difference that makes Facebook lists more robust than Google+ circles, i.e. the possibility of making exceptions. In Facebook, we can limit access of our content to a list which is a subset of a set of lists with whom the content is shared. This means we can share a message with a list called “All” (containing all our contacts) and still make the content invisible to our “CoWorkers”, as shown in Figure 3.

As Facebook’s list creation was relatively cumbersome, recently a Facebook application called “Circle Hack” [1] has been launched which provides the Google+ circles graphical interface for Facebook lists. The possibility and use of this application further proves our claim that Facebook lists are logically and functionally a superset of Google+ circles.
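The two sharing models of this section written as set operations, as an added example that is not from the paper: it computes the audience under each model and checks whether a Facebook-style "share with All, hide from CoWorkers" audience can be reached by any union of existing circles. Apart from "All" and "CoWorkers", the group names and all member names are constructed, and the function names are this example's own.

```python
def google_plus_audience(circles, share_with):
    """Google+ model from the text: the audience is the union of the chosen circles."""
    return set().union(*(circles[name] for name in share_with))

def facebook_audience(lists, share_with, hide_from=()):
    """Facebook model from the text: union of the shared lists minus the hidden lists."""
    return google_plus_audience(lists, share_with) - google_plus_audience(lists, hide_from)

def circles_for(target, circles):
    """Return circle names whose union is exactly `target`, or None if impossible.

    Only circles lying fully inside the target can be used; if those together
    miss someone, no other selection of circles can reach the target either.
    """
    usable = [name for name, members in circles.items() if members <= target]
    if google_plus_audience(circles, usable) == target:
        return sorted(usable)
    return None

# Constructed contact groups; bob is both a friend and a co-worker, which the
# text allows ("the intersection of two or more circles can be a non-empty set").
GROUPS = {
    "Friends": {"alice", "bob"},
    "Family": {"carol"},
    "CoWorkers": {"bob", "dave"},
}
GROUPS["All"] = set().union(*GROUPS.values())

if __name__ == "__main__":
    # Every circle selection is a Facebook share with nothing hidden ...
    same = facebook_audience(GROUPS, ["Friends", "Family"])
    print(sorted(same), "->", circles_for(same, GROUPS))
    # ... but the exception from Figure 3 has no equivalent circle selection:
    # alice can only be reached through "Friends", which also brings in bob.
    wanted = facebook_audience(GROUPS, ["All"], hide_from=["CoWorkers"])
    print(sorted(wanted), "->", circles_for(wanted, GROUPS))
```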

2.4 Google+ vs Facebook: other comparisons

Facebook uses an encrypted channel only for user authentication (login) while Google+ uses it throughout the connection. This makes it harder to launch a man in the middle attack against Google+. Moreover, Google+ allows finer control of the content shared by a user. A user can disable comments on a post at any time and enable them again later. This could be a useful option to calm down any heated discussions, on the user’s wall, between two contacts over the shared content or anything else. Facebook, on the other hand, provides its users only with coarser control, i.e. they can only block a user from the entire wall but not on an individual content basis (if it was initially shared with them). Furthermore, Google+ allows disabling the resharing of content at any instant on a content by content basis; again, this is not possible in Facebook. Finally, Google+ allows its users to edit their comments whenever they want. The time stamp of the last editing remains visible on a comment, so users may modify or backtrack their comments at any time. This too is not possible in Facebook.

3. RELATED WORK

Bradshaw identified the first privacy flaw in Google+ [7]. The flaw was that any content shared with a particular circle could be reshared with anyone by someone from those circles. Although resharing of information is always possible in the electronic world, if someone downloads a copy and uploads it again, the simplicity and provision of a share button without proper authorization is a privacy problem. This problem is now fixed by Google+.

Social network privacy and its potential threats have been widely studied in recent years. One of the earliest works on potential threats to an individual’s privacy, including stalking, embarrassment and identity theft, was done by Gross et al. [11].

Felt [10] presented a vulnerability in Facebook Markup Language which led to session hijacking. Bonneau and Dhingra independently presented conditional and limited unauthorized access to Facebook photos [6, 8].

4. CONCLUSION

To conclude, we provided a preliminary analysis of Google+ privacy. We expressed concern that Google+ shares the metadata of the photos uploaded by its users. We also showed that Google+ encourages its users to provide their other names, e.g., maiden names, which may help in identity theft. Moreover, we provided a comparison of Google+ circles with Facebook lists and showed that the latter is a superset of the former, both logically and functionally, even though Google+ provides a better graphical interface. Finally, we provided other comparisons, including the use of encryption and the possibility of modifying comments at a later stage, between Facebook and Google+.

5. REFERENCES

[1] Circle hack. http://www.circlehack.com, 2011.

[2] P. Adams. The real life social network v2. http://www.slideshare.net/padday/the-real-life-social-network-v2, 2010.

[3] R. J. Anderson. Security engineering - a guide to building dependable distributed systems (2. ed.). Wiley, 2008.

[4] D. Barret and M. H. Saul. “weiner now says he sent photos”. The Wall Street Journal, June 7, 2011.

[5] H. Berghel. Identity Theft, Social Security Numbers, and the Web. Commun. ACM, 43(2):17–21, 2000.

[6] J. Bonneau. New facebook photo hacks. 2009. http://www.lightbluetouchpaper.org/2009/02/11/new-facebook-photo-hacks.

[7] T. Bradshaw. The first google+ privacy flaw. The Financial Times, June 6, 2011.

[8] A. Dhingra. Where you did sleep last night? ...thank you, i already know! iSChannel, 3(1), 2008.

[9] A. M. Donald and L. F. Cranor. “how technology drives vehicular privacy”. The Journal of Law and Policy for the Information Society, 2, 2006.

[10] A. Felt. Defacing facebook: A security case study. 2007. http://www.cs.virginia.edu/felt/fbook/facebook-xss.pdf.

[11] R. Gross, A. Acquisti, and H. J. H. III. Information revelation and privacy in online social networks. In WPES, pages 71–80, 2005.

[12] N. Hotler and M. Seganish. Using identity theft to teach enterprise risk management - make it personal! Journal of Business Case Studies, 4(6), 2008.

[13] T. N. Jagatic, N. A. Johnson, M. Jakobsson, and F. Menczer. Social phishing. Commun. ACM, 50(10):94–100, 2007.

[14] M. McGee. Facebook hits 750 million users; zuckerberg yawns. http://searchengineland.com/facebook-hits-750-million-users-84439.

[15] D. L. Michael Henderson, Melissa de Zwart and M. Phillips. Will u friend me? Legal Risks of Social Networking Sites. Monash University, 2011.

[16] A. Petri. “why Facebook, Google+: the green-eyed monster gains another eye”. The Washington Post, August 5, 2011.

[17] I. Polakis, G. Kontaxis, S. Antonatos, E. Gessiou, T. Petsas, and E. P. Markatos. Using social networks to harvest email addresses. In WPES, pages 11–20, 2010.

[18] M. Stelzner. Social media marketing industry report. http://www.socialmediaexaminer.com/SocialMediaMarketingReport2011.pdf, 2011.

[19] N. Weeks. Greek police detain 24 in athens immigrant clash after murder. http://www.bloomberg.com/news/2011-05-11/greek-police-detain-24-in-athens-immigrant-clash-after-murder.html, 2011.
